COVID-19 Could Lead to Increase in Travel Loyalty Account Takeover

During the COVID-19 pandemic, people are not traveling much – if at all. As a result, people could be more susceptible to travel loyalty account takeover (accounts that may include large amounts of personally identifiable information like driver’s license and passport numbers). They could also be more vulnerable to attacks because of past breaches and exposures like MGM, Marriott, Choice Hotels and Carnival Cruise Line, to name a few. Many experts are predicting a long, slow recovery to reach a sense of normalcy, while others believe “normal” will never be quite the same. One of the most impacted areas where that is expected is the travel industry.

With a 95 percent drop in passenger travel and most air passengers flying only in emergency situations, it could be hard for some to envision a speedy recovery for the travel and hospitality industries. For that reason, there is another precaution that consumers need to take in this time of quarantine: monitoring their travel loyalty accounts.

COVID-19 could make it easier for fraudsters to steal consumers’ credit card information, passport information, names, dates of birth, along with any other information included in a travel loyalty account. It could also allow scammers to steal credits and travel funds. In fact, one source cited an estimated fourteen trillion flight and hotel miles already go unused each year. That means a lot of travelers are saving up their bonuses or banking credits for unused trips but not cashing them in at the moment, which could attract hackers to travel loyalty accounts as a means to get their hands on PII as well as cash equivalent benefits.

Travel loyalty account takeover has been a problem for a long time. However, with people putting a halt to their travel plans for the immediate future, identity theft advocates like the Identity Theft Resource Center worry that those unmonitored accounts could be vulnerable to an attack due to lack of use or oversight. Account-holders need to protect themselves, and their accounts, in a variety of ways.

Fortunately, the steps that can help people protect their travel loyalty accounts are identical to the actions that users can take to secure any account type. First, people should monitor their account routinely for any signs of suspicious activity and report the activity immediately. Next, people need to be very cautious about clicking any links in emails, even ones that appear to pertain to travel loyalty credits or funds. Finally, people should secure their account with a strong, unique passphrase—one that is not easily guessed by hacking software and that is not reused on other accounts. It is also advised to change the account passphrase from time to time to prevent credential stuffing.

Anyone who believes they have fallen victim to travel loyalty account takeover is encouraged to live-chat with an expert advisor from the Identity Theft Resource Center. Victims can also call toll-free at 888.400.5530.